hxxps://61712[.]top/

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2023, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://61712.top/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133329665753366952"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1524	2296	chrome.exe	86
PID 2296 wrote to memory of 1524	2296	chrome.exe	86
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4816	2296	chrome.exe	87
PID 2296 wrote to memory of 4832	2296	chrome.exe	88
PID 2296 wrote to memory of 4832	2296	chrome.exe	88
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89
PID 2296 wrote to memory of 4412	2296	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://61712.top/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6e69758,0x7ffba6e69768,0x7ffba6e69778
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1332,i,10662568591797743866,4395956594672035042,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5048

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a136fb953014578bd2b86a9cab2f2d1e

SHA1
75bfd6d80f880ff693d913abde086117a3f30312

SHA256
58cd42507e58fe2253f814a70ebf4f5c099f4520a5e8c99d1a5242a6f1e62f6d

SHA512
c11f5cfe01ed4fa1f2de9b1e7e8a8bbf08e97ffe54b396928bd59700b3ddce3db711ac94a4a910be3c03a89e891dd3672f8f352108f72938253c26474ec389d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b708b6c3fc2693d236f3ce8771aac04c

SHA1
b68586b4d9e217c81568d99a0c127b2dc17e46aa

SHA256
3561e0e86975652ce3e654ed49ba859f65fe7fe48c16d7b4d65cd13bff6899cf

SHA512
336ce3e3e58e6743eb966116de9a0b3df40f8915c63ccbab5b6881619cc92af1fdd888e712b3342e32325856333b998f280e0943260021c2eeb153527039a538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cedb1a5864427eacdafd997847fa9747

SHA1
d93f744c24cba86651920621de7b9e6438406ed5

SHA256
eb5896b3a9fe469d2aecde72b7d0cbf9e9dbcb14c431edcdd18147240ba7fc82

SHA512
554d0b729fb6321cd4e3719c780738871673c329ee2872922b20a0723ca8c113c715a6790d4dc2f5a9173ddb5b552d232704033cf5c6bd76178c60f21cec725c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2a38c2601f707d2f287242370b47aa78

SHA1
fd021d4a9e2cca3abea798e9d42dbc8a02984e8d

SHA256
f78e5934e36b728588b3fcb0f27a4d23f0593fcc61d922681365b609be3636a0

SHA512
c6f3857037b20f2ab93bace8fc7e4011aacda5d01ca6e375e70aed7050467d7f2d0bec253428a814100f50cc3e0eddc77ec12ef28aa217c3853605e031bfc5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
eef135e91b4e4ccefafd21be1d910580

SHA1
eaa90f2971a7b63f8b094f9b14ceb13909a76276

SHA256
ad50cbd9b710eb3091f81b159d46e956dafc6aef7645508caef0e363f85765de

SHA512
16a3e1a2d55aac9e6dabff1d8bdb43ee7983f9efd24dc303924b83ccfce4e53f7b4b2548785c76937ab6cb3186c290565f0a1d1a45a0379fafafe1a9c5bd7bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit